AS-REQ using SPN
Rowland Penny
rpenny at samba.org
Wed Nov 15 10:03:58 UTC 2017
On Wed, 15 Nov 2017 10:53:36 +0100
Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> Hi Garming,
>
> On Wed, Nov 15, 2017 at 11:34:18AM +1300, Garming Sam wrote:
> > I noticed that this behaviour of AS-REQ with a SPN was introduced a
> > little while ago. It asserted that this is in line with Windows,
> > but I have been making some attempts and have yet to see any
> > Windows KDC manage to accept such a request (so something is not
> > quite right, or I'm missing something). I've tried it against a
> > 2008R2 and 2012R2 machine.
>
> works here against Windows 2016:
>
> [slow at kazak scratch]$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = RIVERSIDE.SITE
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> RIVERSIDE.SITE = {
> kdc = 10.10.11.14
> }
>
Hi Ralph, would you like to try that again with the Samba recommended
krb5.conf ?
Which is:
[libdefaults]
default_realm = RIVERSIDE.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
Rowland
More information about the samba-technical
mailing list